US6260132B1 - Method and apparatus for secure address re-mapping - Google Patents

Method and apparatus for secure address re-mapping Download PDF

Info

Publication number
US6260132B1
US6260132B1 US09/241,263 US24126399A US6260132B1 US 6260132 B1 US6260132 B1 US 6260132B1 US 24126399 A US24126399 A US 24126399A US 6260132 B1 US6260132 B1 US 6260132B1
Authority
US
United States
Prior art keywords
address decoder
address
decoder module
modules
bus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/241,263
Inventor
Mark Leonard Buer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NXP BV
Original Assignee
VLSI Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by VLSI Technology Inc filed Critical VLSI Technology Inc
Assigned to VLSI TECHNOLOGY, INC. reassignment VLSI TECHNOLOGY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BUER, MARK LEONARD
Priority to US09/241,263 priority Critical patent/US6260132B1/en
Priority to EP99962947A priority patent/EP1066567B1/en
Priority to JP2000596462A priority patent/JP2002536718A/en
Priority to CNB998069167A priority patent/CN1154930C/en
Priority to PCT/US1999/028356 priority patent/WO2000045272A1/en
Priority to DE69941253T priority patent/DE69941253D1/en
Publication of US6260132B1 publication Critical patent/US6260132B1/en
Application granted granted Critical
Assigned to PHILIPS SEMICONDUCTORS VLSI INC. reassignment PHILIPS SEMICONDUCTORS VLSI INC. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: VLSI TECHNOLOGY, INC.
Assigned to NXP B.V. reassignment NXP B.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PHILIPS SEMICONDUCTORS INC.
Assigned to PHILIPS SEMICONDUCTORS INC. reassignment PHILIPS SEMICONDUCTORS INC. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: PHILIPS SEMICONDUCTORS VLSI INC.
Assigned to PHILIPS SEMICONDUCTORS INTERNATIONAL B.V. reassignment PHILIPS SEMICONDUCTORS INTERNATIONAL B.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KONINKLIJKE PHILIPS ELECTRONICS N.V.
Assigned to NXP B.V. reassignment NXP B.V. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: PHILIPS SEMICONDUCTORS INTERNATIONAL B.V.
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range

Definitions

  • the present invention concerns security with a computing system, and pertains particularly to secure address remapping.
  • Address decoders are often utilized for memory mapping within a computing system.
  • AMBA Advanced Microcontroller Bus Architecture
  • ASB AMBA System Bus
  • an address decoder includes a plurality of address decoder modules.
  • Each address decoder module has a select line for each of a plurality of devices.
  • Each of a plurality of XOR combination circuits performs a logic XOR function of all select lines for a single device from the plurality of devices.
  • State control within the address decoder activates one address decoder module at a time.
  • each address decoder module is connected to an address bus portion of an AMBA System Bus (ASB).
  • ASB AMBA System Bus
  • each address decoder module can be implemented as a standard ASB address decoder.
  • the state control asserts reset signals of all address decoder modules that are not activated.
  • the permission access level required to access a device and the base address used to access a device can vary dependent on which address decoder module is activated. For example, different boot addresses for a processor could be accessed such that initially software could be booted (location 0 ) from flash memory and then copied to random access memory (RAM) to be executed such that RAM now utilizes boot address (location 0 ).
  • the present invention allows for the addition of security features into an address decoder.
  • the use of multiple address decoder modules, as set out in the present invention allows the re-use of a standard block to form a secure address decoder.
  • the present invention allows for a simpler design when an address decoder needs to take into account state changes.
  • FIG. 1 is a simplified block diagram that shows a modular address decoder used to decode addresses on a bus in order to select a device in accordance with a preferred embodiment of the present invention.
  • FIG. 2 is a simplified block diagram of the modular address decoder with secure features shown in FIG. 1 in accordance with a preferred embodiment of the present invention.
  • FIG. 3 shows simplified input/output (I/O) for an address decoder module in accordance with a preferred embodiment of the present invention.
  • FIG. 4 is a simplified block diagram of an address decoder module in accordance with a preferred embodiment of the present invention.
  • FIG. 1 is a simplified block diagram that shows a modular address decoder 10 used to decode addresses on a bus 30 in order to select one of a plurality of devices represented by a device 11 , a device 12 and a device 13 . While three devices are shown by way of example, any number of devices may be used.
  • address decoder 10 When an address on bus 30 indicates device 11 is to be selected, address decoder 10 will assert the signal on a device select line 37 . When an address on bus 30 indicates device 12 is to be selected, address decoder 10 will assert the signal on a device select line 38 . When an address on bus 30 indicates device 13 is to be selected, address decoder 10 will assert the signal on a device select line 39 .
  • Bus 30 operates in accordance with the Advanced Microcontroller Bus Architecture (AMBA).
  • AMBA Advanced Microcontroller Bus Architecture
  • FIG. 2 is a block diagram of address decoder 10 .
  • Address decoder 10 includes a plurality of address decoder modules.
  • the address decoder modules are represented by an address decoder module 21 , an address decoder module 22 and an address decoder module 23 . While three address decoder modules are shown by way of example, it is only required for the present invention that at least two address decoder modules are present. Any number greater than two is acceptable.
  • Each address decoder module has a unique device select line for each device.
  • address decoder module 21 has a device select line 41 for a first device, a device select line 44 for a second device and a device select line 47 for a third device.
  • Address decoder module 22 has a device select line 42 for a first device, a device select line 45 for a second device and a device select line 48 for a third device.
  • Address decoder module 23 has a device select line 43 for a first device, a device select line 46 for a second device and a device select line 49 for a third device.
  • a state control block 20 is used to select only one of the address decoder modules at a time. State control block 20 will assert the reset signals of the address decoder modules that are not selected.
  • state control block 20 when address decoder module 21 is not selected, state control block 20 will use a reset line 31 to assert a reset signal to address decoder module 21 .
  • address decoder module 22 When address decoder module 22 is not selected, state control block 20 will use a reset line 32 to assert a reset signal to address decoder module 22 .
  • address decoder module 23 When address decoder module 23 is not selected, state control block 20 will use a reset line 33 to assert a reset signal to address decoder module 23 .
  • Logic XOR circuitry 24 is used to select an active select signal for the first device to be forwarded to device select line 37 .
  • XOR circuitry 24 guarantees that one and only one device select line from device select lines 41 , 42 and 43 are asserted before an active select signal for the first device is forwarded to device select line 37 . If more than one device select line from device select lines 41 , 42 and 43 are asserted at the same time, this indicates that more than one address decoder modules are simultaneously active; therefore, XOR circuitry 24 will not assert select line 37 and a bus error will result.
  • Logic XOR circuitry 25 is used to select an active select signal for the first device to be forwarded to device select line 38 .
  • XOR circuitry 25 guarantees that one and only one device select line from device select lines 44 , 45 and 46 are asserted before an active select signal for the first device is forwarded to device select line 38 . If more than one device select line from device select lines 44 , 45 and 46 are asserted at the same time, this indicates that more than one address decoder modules are simultaneously active; therefore, XOR circuitry 25 will not assert select line 38 and a bus error will result.
  • Logic XOR circuitry 26 is used to select an active select signal for the first device to be forwarded to device select line 39 .
  • XOR circuitry 26 guarantees that one and only one device select line from device select lines 47 , 48 and 49 are asserted before an active select signal for the first device is forwarded to device select line 39 . If more than one device select line from device select lines 47 , 48 and 49 are asserted at the same time, this indicates that more than one address decoder modules are simultaneously active; therefore, XOR circuitry 26 will not assert select line 39 and a bus error will result.
  • State control block 20 detects state changes, for example, by monitoring a value within a register, or by logic detecting a state change within a processor.
  • a state change may be from a normal state to a secure state, or from a normal state to a test state.
  • FIG. 3 shows simplified input/output (I/O) for an address decoder module 50 which is representative of the address decoder modules shown in FIG. 2 .
  • Address decoder module 50 is designed to work with an AMBA System Bus (ASB).
  • ASB AMBA System Bus
  • Address decoder module 50 provides centralized address decoding for two or more ASB slave peripherals.
  • Address decoder module 50 provides a default transfer response and can be configured for both high and low speed operation.
  • Address decoder module 50 can be configured to also serve as a protection unit.
  • a scan test mode (ScanTestMode) input pin 51 when asserted high puts address decoder module 50 into the test state.
  • the transfer response tristates of address decoder module 50 are disabled and slave select (dsel) output pins 64 will always select one and only one slave.
  • a decoder enable (DecEnable) latch within address decoder module 50 is always transparent, and internal test points are enabled.
  • Two-bit transfer type (btran[ 1 : 0 ]) input bus pins 52 receive input which indicates the transfer type of the next bus transaction.
  • Thirty-two bit address (ba[ 31 : 0 ]) input bus pins 53 receive the AMBA system bus address.
  • a transfer direction (bwrite) input pin 54 receives an indication of the transfer direction. When bwrite is low, this indicates a read cycle. When bwrite is high this indicates a write cycle.
  • Two-bit transfer size (bsize[ 1 : 0 ] input bus pins 55 indicate the size of the data word to be transmitted.
  • Two-bit protection control (bprot[ 1 : 0 ]) input bus pins 56 provides information about the transfer type to implement basic transfer protection. Information includes whether the data is an opcode or data, and whether the access mode is user or supervisor.
  • a bus clock (bclk) input pin 57 receives the system bus clock.
  • a not bus clock (nbclk) input pin 58 receives the inverted system bus clock.
  • a reset (bnres) input pin 59 receives a reset signal which, when low, resets both address decoder module 50 .
  • a wait response (bwait) bi-directional pin 60 carries a signal which, when high indicates that at least one additional cycle is needed to complete the bus transaction, and when low indicates the transaction should complete in the current cycle.
  • An error response (berror) b-idirectional pin 61 carries a signal which, when high indicates a transfer error has occurred, and when low indicates the transfer is proceeding correctly. Error response (berror) bi-directional pin 61 is also used with last response (blast) bi-directional pin 62 to indicate a bus retraction.
  • a last response (blast) bi-directional pin 62 carries a signal which when high indicates that another cycle is needed for address decoding, and when low indicates that a burst sequence may continue.
  • Last response (blast) bi-directional pin 62 is also used with error response (berror) bi-directional pin 61 to indicate a bus retraction.
  • Slave select (dsel[y: 0 ]) output bus pins 64 generates signals for a bus consisting of enables for each slave device. Exactly one or none of the slaves is selected at a given time. When a single pin (dsel[x]) of slave select (dsel [y: 0 ]) output bus pins 64 is high, this indicates that slave x is selected. When a single pin (dsel[x]) of slave select (dsel[y: 0 ]) output bus pins 64 is low, this indicates that slave x is not selected.
  • FIG. 4 is a simplified block diagram of address decoder module 50 .
  • An address region 72 a memory transfer response block 75 , a transceiver 71 , a set of logical AND gates 78 and a control block 76 provide address decoding functionality for address decoder module 50 .
  • the address decoding functionality centrally decodes an address and selects an appropriate slave device.
  • the address decode consists simply of an upper order bit tag compare. If the address region is not a power of 2, then identical upper order bits are tag compared. The non-matching lower order bits are then compared, except for address ranges starting with 0 or ending in 0xFFFFFF, using two comparators. For the degenerate region starting at zero, the range 0 to A is determined by just a ⁇ A. Likewise, the region A to 0xFFFFFFFFFF is determined by just a >A.
  • Address region 72 detects an error and asserts, through a logic OR gate 77 , an error input 85 to control 76 when a user accesses an address region that contains no slave, an error response is produced.
  • a memory boundary check block 74 is included so that while address decoder module 50 is decoding the address, it also determines if a sequential access will still be in the active address region. To do this, memory boundary check block 74 checks the current address against the upper bounds for all address regions. The low order address bit (A[ 0 ]) of the address (ba[ 31 : 0 ]) input bus is ignored for word and half-word transfers. The second lowest order address bit (A[ 1 ]) of address (ba[ 31 : 0 ]) input bus is ignored for word transfers. If the current address matches one of the upper bounds, then a DecLast signal on a line 84 is asserted and address decoder module 50 inserts a wait state.
  • the address decoder module 50 provides additional access protection. This additional protection is provided by a protection unit 73 . Protection unit 73 generates an error signal which is forwarded through logic OR gate 77 to error input 85 of control block 76 .
  • Protection unit 73 detects an access alignment violation if the user accesses a data word at an address with a suffix other than 00 , or accesses a halfword at an address with a suffix other than 0 . In this case protection unit 73 generates an error signal. Detection of this type of violation can be disabled.
  • Protection unit 73 detects a read/write violation when an attempt is made to read from a write only region or to write to a read only region will produce an error response. In this case protection unit 73 generates an error signal.
  • Protection unit 73 detects a supervisor region access error when a user accesses a region marked for supervisor access only. In this case protection unit 73 generates an error signal.
  • Protection unit 73 detects an incorrect transfer size error if the user accesses an address with an unsupported transfer size (Byte, Halfword, or Word). In this case protection unit 73 generates an error signal.
  • Protection unit 73 detects a data type error when opcode fetch to a region marked as data only is attempted or a data access to a region marked as opcode only is attempted. In either case protection unit 73 generates an error signal.

Abstract

An address decoder includes a plurality of address decoder modules. Each address decoder module has a select line for each of a plurality of devices. Each of a plurality of XOR combination circuits performs a logic XOR function of all select lines for a single device from the plurality of devices. State control within the address decoder activates one address decoder module at a time.

Description

BACKGROUND
The present invention concerns security with a computing system, and pertains particularly to secure address remapping.
Address decoders are often utilized for memory mapping within a computing system. For example, in systems which utilize the Advanced Microcontroller Bus Architecture (AMBA), an address decoder has the main function of centrally decoding the address provided by a master and selecting the appropriate bus slave. For more information on AMBA and the AMBA System Bus (ASB), see the web site for Advanced Risk Machines, Ltd., at WWW.ARM.com.
While integrated circuits often include secure features for the purpose of protecting against theft or misuse, there typically has been no secure features built into address decoders.
SUMMARY OF THE INVENTION
In accordance with the preferred embodiment of the present invention an address decoder includes a plurality of address decoder modules. Each address decoder module has a select line for each of a plurality of devices. Each of a plurality of XOR combination circuits performs a logic XOR function of all select lines for a single device from the plurality of devices. State control within the address decoder activates one address decoder module at a time.
In the preferred embodiment, each address decoder module is connected to an address bus portion of an AMBA System Bus (ASB). For example, when the address decoder is implemented for an AMBA System Bus (ASB), each address decoder module can be implemented as a standard ASB address decoder.
In the preferred embodiment, the state control asserts reset signals of all address decoder modules that are not activated. The permission access level required to access a device and the base address used to access a device can vary dependent on which address decoder module is activated. For example, different boot addresses for a processor could be accessed such that initially software could be booted (location 0) from flash memory and then copied to random access memory (RAM) to be executed such that RAM now utilizes boot address (location 0).
The present invention allows for the addition of security features into an address decoder. The use of multiple address decoder modules, as set out in the present invention, allows the re-use of a standard block to form a secure address decoder. Thus, in addition to an increase in security, the present invention allows for a simpler design when an address decoder needs to take into account state changes.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a simplified block diagram that shows a modular address decoder used to decode addresses on a bus in order to select a device in accordance with a preferred embodiment of the present invention.
FIG. 2 is a simplified block diagram of the modular address decoder with secure features shown in FIG. 1 in accordance with a preferred embodiment of the present invention.
FIG. 3 shows simplified input/output (I/O) for an address decoder module in accordance with a preferred embodiment of the present invention.
FIG. 4 is a simplified block diagram of an address decoder module in accordance with a preferred embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
FIG. 1 is a simplified block diagram that shows a modular address decoder 10 used to decode addresses on a bus 30 in order to select one of a plurality of devices represented by a device 11, a device 12 and a device 13. While three devices are shown by way of example, any number of devices may be used.
When an address on bus 30 indicates device 11 is to be selected, address decoder 10 will assert the signal on a device select line 37. When an address on bus 30 indicates device 12 is to be selected, address decoder 10 will assert the signal on a device select line 38. When an address on bus 30 indicates device 13 is to be selected, address decoder 10 will assert the signal on a device select line 39.
Bus 30, for example, operates in accordance with the Advanced Microcontroller Bus Architecture (AMBA).
FIG. 2 is a block diagram of address decoder 10. Address decoder 10 includes a plurality of address decoder modules. The address decoder modules are represented by an address decoder module 21, an address decoder module 22 and an address decoder module 23. While three address decoder modules are shown by way of example, it is only required for the present invention that at least two address decoder modules are present. Any number greater than two is acceptable.
Each address decoder module has a unique device select line for each device. For example, address decoder module 21 has a device select line 41 for a first device, a device select line 44 for a second device and a device select line 47 for a third device. Address decoder module 22 has a device select line 42 for a first device, a device select line 45 for a second device and a device select line 48 for a third device. Address decoder module 23 has a device select line 43 for a first device, a device select line 46 for a second device and a device select line 49 for a third device.
A state control block 20 is used to select only one of the address decoder modules at a time. State control block 20 will assert the reset signals of the address decoder modules that are not selected.
For example, when address decoder module 21 is not selected, state control block 20 will use a reset line 31 to assert a reset signal to address decoder module 21. When address decoder module 22 is not selected, state control block 20 will use a reset line 32 to assert a reset signal to address decoder module 22. When address decoder module 23 is not selected, state control block 20 will use a reset line 33 to assert a reset signal to address decoder module 23.
Logic XOR circuitry 24 is used to select an active select signal for the first device to be forwarded to device select line 37. XOR circuitry 24 guarantees that one and only one device select line from device select lines 41, 42 and 43 are asserted before an active select signal for the first device is forwarded to device select line 37. If more than one device select line from device select lines 41, 42 and 43 are asserted at the same time, this indicates that more than one address decoder modules are simultaneously active; therefore, XOR circuitry 24 will not assert select line 37 and a bus error will result.
Logic XOR circuitry 25 is used to select an active select signal for the first device to be forwarded to device select line 38. XOR circuitry 25 guarantees that one and only one device select line from device select lines 44, 45 and 46 are asserted before an active select signal for the first device is forwarded to device select line 38. If more than one device select line from device select lines 44, 45 and 46 are asserted at the same time, this indicates that more than one address decoder modules are simultaneously active; therefore, XOR circuitry 25 will not assert select line 38 and a bus error will result.
Logic XOR circuitry 26 is used to select an active select signal for the first device to be forwarded to device select line 39. XOR circuitry 26 guarantees that one and only one device select line from device select lines 47, 48 and 49 are asserted before an active select signal for the first device is forwarded to device select line 39. If more than one device select line from device select lines 47, 48 and 49 are asserted at the same time, this indicates that more than one address decoder modules are simultaneously active; therefore, XOR circuitry 26 will not assert select line 39 and a bus error will result.
The address decoder modules can each have unique permissions and base addresses for each of the devices. State control block 20 detects state changes, for example, by monitoring a value within a register, or by logic detecting a state change within a processor. For example, a state change may be from a normal state to a secure state, or from a normal state to a test state.
The use of multiple address decoder modules allows the re-use of a standard block to form a secure address decoder. This increases security, allows for a simpler design when an address decoder needs to take into account state changes.
FIG. 3 shows simplified input/output (I/O) for an address decoder module 50 which is representative of the address decoder modules shown in FIG. 2. Address decoder module 50 is designed to work with an AMBA System Bus (ASB). Address decoder module 50 provides centralized address decoding for two or more ASB slave peripherals. Address decoder module 50 provides a default transfer response and can be configured for both high and low speed operation. Address decoder module 50 can be configured to also serve as a protection unit. This is accomplished by allowing an address region to be read/write, read only, or write only, by allowing an address region to be accessed in supervisor mode only, by allowing an address region to be opcode only or data only, by reporting incorrectly aligned memory accesses, by allowing or disallowing byte, halfword, and word accesses, and by reporting accesses to undefined memory regions.
A scan test mode (ScanTestMode) input pin 51, when asserted high puts address decoder module 50 into the test state. In the test state, the transfer response tristates of address decoder module 50 are disabled and slave select (dsel) output pins 64 will always select one and only one slave. Also when in the test state, a decoder enable (DecEnable) latch within address decoder module 50 is always transparent, and internal test points are enabled.
Two-bit transfer type (btran[1:0]) input bus pins 52 receive input which indicates the transfer type of the next bus transaction. The three types of bus transaction are address-only (ATRAN, btran=00), sequential (STRAN, btran=11), and non-sequential (NTRAN, btran=10).
Thirty-two bit address (ba[31:0]) input bus pins 53 receive the AMBA system bus address.
A transfer direction (bwrite) input pin 54 receives an indication of the transfer direction. When bwrite is low, this indicates a read cycle. When bwrite is high this indicates a write cycle.
Two-bit transfer size (bsize[1:0] input bus pins 55 indicate the size of the data word to be transmitted. The three possible sizes are 32-bits (bsize=00), 16-bits (bsize=01), and 8-bits (bsize=10).
Two-bit protection control (bprot[1:0]) input bus pins 56 provides information about the transfer type to implement basic transfer protection. Information includes whether the data is an opcode or data, and whether the access mode is user or supervisor.
A bus clock (bclk) input pin 57 receives the system bus clock.
A not bus clock (nbclk) input pin 58 receives the inverted system bus clock.
A reset (bnres) input pin 59 receives a reset signal which, when low, resets both address decoder module 50.
A wait response (bwait) bi-directional pin 60 carries a signal which, when high indicates that at least one additional cycle is needed to complete the bus transaction, and when low indicates the transaction should complete in the current cycle.
An error response (berror) b-idirectional pin 61 carries a signal which, when high indicates a transfer error has occurred, and when low indicates the transfer is proceeding correctly. Error response (berror) bi-directional pin 61 is also used with last response (blast) bi-directional pin 62 to indicate a bus retraction.
A last response (blast) bi-directional pin 62 carries a signal which when high indicates that another cycle is needed for address decoding, and when low indicates that a burst sequence may continue. Last response (blast) bi-directional pin 62 is also used with error response (berror) bi-directional pin 61 to indicate a bus retraction.
Slave select (dsel[y:0]) output bus pins 64 generates signals for a bus consisting of enables for each slave device. Exactly one or none of the slaves is selected at a given time. When a single pin (dsel[x]) of slave select (dsel [y:0]) output bus pins 64 is high, this indicates that slave x is selected. When a single pin (dsel[x]) of slave select (dsel[y:0]) output bus pins 64 is low, this indicates that slave x is not selected.
FIG. 4 is a simplified block diagram of address decoder module 50. An address region 72, a memory transfer response block 75, a transceiver 71, a set of logical AND gates 78 and a control block 76 provide address decoding functionality for address decoder module 50. The address decoding functionality centrally decodes an address and selects an appropriate slave device.
If the address range is a single address or is size 2n and starts on a multiple of 2n, then the address decode consists simply of an upper order bit tag compare. If the address region is not a power of 2, then identical upper order bits are tag compared. The non-matching lower order bits are then compared, except for address ranges starting with 0 or ending in 0xFFFFFFFF, using two comparators. For the degenerate region starting at zero, the range 0 to A is determined by just a <A. Likewise, the region A to 0xFFFFFFFF is determined by just a >A.
Address region 72 detects an error and asserts, through a logic OR gate 77, an error input 85 to control 76 when a user accesses an address region that contains no slave, an error response is produced.
A memory boundary check block 74 is included so that while address decoder module 50 is decoding the address, it also determines if a sequential access will still be in the active address region. To do this, memory boundary check block 74 checks the current address against the upper bounds for all address regions. The low order address bit (A[0]) of the address (ba[31:0]) input bus is ignored for word and half-word transfers. The second lowest order address bit (A[1]) of address (ba[31:0]) input bus is ignored for word transfers. If the current address matches one of the upper bounds, then a DecLast signal on a line 84 is asserted and address decoder module 50 inserts a wait state.
In addition to the error detection provided by address region 72, the address decoder module 50 provides additional access protection. This additional protection is provided by a protection unit 73. Protection unit 73 generates an error signal which is forwarded through logic OR gate 77 to error input 85 of control block 76.
Protection unit 73 detects an access alignment violation if the user accesses a data word at an address with a suffix other than 00, or accesses a halfword at an address with a suffix other than 0. In this case protection unit 73 generates an error signal. Detection of this type of violation can be disabled.
Protection unit 73 detects a read/write violation when an attempt is made to read from a write only region or to write to a read only region will produce an error response. In this case protection unit 73 generates an error signal.
Protection unit 73 detects a supervisor region access error when a user accesses a region marked for supervisor access only. In this case protection unit 73 generates an error signal.
Protection unit 73 detects an incorrect transfer size error if the user accesses an address with an unsupported transfer size (Byte, Halfword, or Word). In this case protection unit 73 generates an error signal.
Protection unit 73 detects a data type error when opcode fetch to a region marked as data only is attempted or a data access to a region marked as opcode only is attempted. In either case protection unit 73 generates an error signal.
The foregoing discussion discloses and describes merely exemplary methods and embodiments of the present invention. As will be understood by those familiar with the art, the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. Accordingly, the disclosure of the present invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.

Claims (10)

I claim:
1. An address decoder comprising:
a plurality of address decoder modules, each address decoder module from the plurality of address decoder modules having a select line for each of a plurality of devices;
a plurality of XOR combination circuits, each XOR combination circuit from the plurality of XOR combination circuits performing a logic XOR function of all select lines for a single device from the plurality of devices; and,
state control means for activating one address decoder module from the plurality of address decoder modules at a time.
2. An address decoder as in claim 1, wherein each address decoder module from the plurality of address decoder modules is connected to an address bus.
3. A method as in claim 1, wherein the state control means asserts reset signals of all address decoder modules, from the plurality of address decoder modules, which are not activated.
4. A method as in claim 1 wherein a permission access level required to access a device varies dependent on which address decoder module is activated.
5. A method as in claim 1 wherein a base address used to access a device varies dependent on which address decoder module is activated.
6. A method for decoding addresses comprising the following steps:
(a) activating one address decoder module from a plurality of address decoder modules at a time, each address decoder module from the plurality of address decoder modules having one select line for each device in a plurality of devices;
(b) activating, by the address decoder module from the plurality of address decoder modules, a first select line for a first device from the plurality of devices; and,
(c) performing, for each device in the plurality of devices, a logic XOR function of all select lines for the device.
7. A method as in claim 6, wherein in step (a) each address decoder module from the plurality of address decoder modules is connected to an address bus.
8. A method as in claim 6, wherein step (a) includes the following substep:
(a.1) asserting, by state control logic, reset signals of all address decoder modules, from the plurality of address decoder modules, which are not activated.
9. A method as in claim 6 wherein a permission access level required to access a device varies dependent on which address decoder module is activated.
10. A method as in claim 6 wherein a base address used to access a device varies dependent on which address decoder module is activated.
US09/241,263 1999-02-01 1999-02-01 Method and apparatus for secure address re-mapping Expired - Lifetime US6260132B1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US09/241,263 US6260132B1 (en) 1999-02-01 1999-02-01 Method and apparatus for secure address re-mapping
EP99962947A EP1066567B1 (en) 1999-02-01 1999-11-30 Method and apparatus for secure address re-mapping
JP2000596462A JP2002536718A (en) 1999-02-01 1999-11-30 Address remapping assurance apparatus and method
CNB998069167A CN1154930C (en) 1999-02-01 1999-11-30 Method and apparatus for secure address re-mapping
PCT/US1999/028356 WO2000045272A1 (en) 1999-02-01 1999-11-30 Method and apparatus for secure address re-mapping
DE69941253T DE69941253D1 (en) 1999-02-01 1999-11-30 METHOD AND DEVICE FOR SECURED ADDRESS RECONSTRUCTION

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/241,263 US6260132B1 (en) 1999-02-01 1999-02-01 Method and apparatus for secure address re-mapping

Publications (1)

Publication Number Publication Date
US6260132B1 true US6260132B1 (en) 2001-07-10

Family

ID=22909958

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/241,263 Expired - Lifetime US6260132B1 (en) 1999-02-01 1999-02-01 Method and apparatus for secure address re-mapping

Country Status (6)

Country Link
US (1) US6260132B1 (en)
EP (1) EP1066567B1 (en)
JP (1) JP2002536718A (en)
CN (1) CN1154930C (en)
DE (1) DE69941253D1 (en)
WO (1) WO2000045272A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6535422B2 (en) * 2000-12-28 2003-03-18 Hitachi, Ltd. Nonvolatile memory system
US20040005061A1 (en) * 2002-07-08 2004-01-08 Buer Mark L. Key management system and method
US20040019619A1 (en) * 2002-07-29 2004-01-29 Buer Mark L. System and method for generating initial vectors
US20040019789A1 (en) * 2002-07-29 2004-01-29 Buer Mark L. System and method for cryptographic control of system configurations
US20060233149A1 (en) * 2005-04-06 2006-10-19 Viresh Rustagi Secure conditional access and digital rights management in a multimedia processor
US20130198433A1 (en) * 2008-11-10 2013-08-01 Micron Technology, Inc. Methods and systems for devices with self-selecting bus decoder

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106933751B (en) * 2015-12-29 2019-12-24 澜起科技股份有限公司 Method and apparatus for protecting dynamic random access memory

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0608060A1 (en) 1993-01-11 1994-07-27 Ascom Autelca Ltd. Data protection apparatus and method
US5377357A (en) * 1990-08-20 1994-12-27 Kabushiki Kaisha Toshiba Connection state confirmation system and method for expansion unit
US5581567A (en) * 1991-08-14 1996-12-03 International Business Machines Corporation Dual level error detection and correction employing data subsets from previously corrected data
US5617559A (en) 1994-08-31 1997-04-01 Motorola Inc. Modular chip select control circuit and method for performing pipelined memory accesses
US5654923A (en) * 1993-12-27 1997-08-05 Mitsubishi Denki Kabushiki Kaisha Semiconductor data storage apparatus
US5657291A (en) * 1996-04-30 1997-08-12 Sun Microsystems, Inc. Multiport register file memory cell configuration for read operation
US5706407A (en) 1993-12-28 1998-01-06 Kabushiki Kaisha Toshiba System for reallocation of memory banks in memory sized order
US5963104A (en) * 1996-04-15 1999-10-05 Vlsi Technology, Inc. Standard cell ring oscillator of a non-deterministic randomizer circuit
US5964825A (en) * 1996-02-09 1999-10-12 Texas Instruments Incorporated Manipulation of boolean values and conditional operation in a microprocessor

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5377357A (en) * 1990-08-20 1994-12-27 Kabushiki Kaisha Toshiba Connection state confirmation system and method for expansion unit
US5581567A (en) * 1991-08-14 1996-12-03 International Business Machines Corporation Dual level error detection and correction employing data subsets from previously corrected data
EP0608060A1 (en) 1993-01-11 1994-07-27 Ascom Autelca Ltd. Data protection apparatus and method
US5654923A (en) * 1993-12-27 1997-08-05 Mitsubishi Denki Kabushiki Kaisha Semiconductor data storage apparatus
US5706407A (en) 1993-12-28 1998-01-06 Kabushiki Kaisha Toshiba System for reallocation of memory banks in memory sized order
US5617559A (en) 1994-08-31 1997-04-01 Motorola Inc. Modular chip select control circuit and method for performing pipelined memory accesses
US5964825A (en) * 1996-02-09 1999-10-12 Texas Instruments Incorporated Manipulation of boolean values and conditional operation in a microprocessor
US5963104A (en) * 1996-04-15 1999-10-05 Vlsi Technology, Inc. Standard cell ring oscillator of a non-deterministic randomizer circuit
US5657291A (en) * 1996-04-30 1997-08-12 Sun Microsystems, Inc. Multiport register file memory cell configuration for read operation

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100810182B1 (en) * 2000-12-28 2008-03-07 가부시키가이샤 히타치세이사쿠쇼 nonvolatile memory system
US6535422B2 (en) * 2000-12-28 2003-03-18 Hitachi, Ltd. Nonvolatile memory system
US8340299B2 (en) 2002-07-08 2012-12-25 Broadcom Corporation Key management system and method
US7773754B2 (en) 2002-07-08 2010-08-10 Broadcom Corporation Key management system and method
US20040005061A1 (en) * 2002-07-08 2004-01-08 Buer Mark L. Key management system and method
US20100290624A1 (en) * 2002-07-08 2010-11-18 Broadcom Corporation Key Management System and Method
US7469338B2 (en) 2002-07-29 2008-12-23 Broadcom Corporation System and method for cryptographic control of system configurations
US20090106555A1 (en) * 2002-07-29 2009-04-23 Broadcom Corporation System and Method For Control Of Security Configurations
US20040019789A1 (en) * 2002-07-29 2004-01-29 Buer Mark L. System and method for cryptographic control of system configurations
US7822797B2 (en) 2002-07-29 2010-10-26 Broadcom Corporation System and method for generating initial vectors
US20040019619A1 (en) * 2002-07-29 2004-01-29 Buer Mark L. System and method for generating initial vectors
US8225087B2 (en) 2002-07-29 2012-07-17 Broadcom Corporation System and method for control of security configurations
US20060233149A1 (en) * 2005-04-06 2006-10-19 Viresh Rustagi Secure conditional access and digital rights management in a multimedia processor
US9553848B2 (en) * 2005-04-06 2017-01-24 Broadcom Corporation Secure conditional access and digital rights management in a multimedia processor
US20130198433A1 (en) * 2008-11-10 2013-08-01 Micron Technology, Inc. Methods and systems for devices with self-selecting bus decoder
US9785588B2 (en) * 2008-11-10 2017-10-10 Micron Technology, Inc. Methods and systems for devices with self-selecting bus decoder

Also Published As

Publication number Publication date
WO2000045272A1 (en) 2000-08-03
EP1066567B1 (en) 2009-08-12
CN1304508A (en) 2001-07-18
JP2002536718A (en) 2002-10-29
EP1066567A1 (en) 2001-01-10
DE69941253D1 (en) 2009-09-24
CN1154930C (en) 2004-06-23

Similar Documents

Publication Publication Date Title
JP4234202B2 (en) System for controlling access to registers mapped to I / O address space of a computer system
US8683115B2 (en) Programmable mapping of external requestors to privilege classes for access protection
US5450576A (en) Distributed multi-processor boot system for booting each processor in sequence including watchdog timer for resetting each CPU if it fails to boot
US8806110B2 (en) Flexible memory protection and translation unit
US6397301B1 (en) Preventing access to secure area of a cache
EP0382468A2 (en) Power-on password functions for computer system
US5704039A (en) Mask programmable security system for a data processor and method therefor
CA2146138A1 (en) Double buffering operations between the memory bus and the expansion bus of a computer system
JPH07191903A (en) System and operating method of data processing
EP0702297B1 (en) A data processor with breakpoint circuit
US20030172214A1 (en) Data processing system with peripheral access protection and method therefor
US7404019B2 (en) Method and apparatus for endianness control in a data processing system
JP4587756B2 (en) Semiconductor integrated circuit device
US6546482B1 (en) Invalid configuration detection resource
US6601130B1 (en) Memory interface unit with programmable strobes to select different memory devices
US6678838B1 (en) Method to track master contribution information in a write buffer
US6260132B1 (en) Method and apparatus for secure address re-mapping
WO2008030727A2 (en) Access control of memory space in microprocessor systems
US6421765B1 (en) Method and apparatus for selecting functional space in a low pin count memory device
JP3995883B2 (en) Memory protection system for multitasking systems
US7484069B2 (en) Watchpointing unaligned data accesses
US7389368B1 (en) Inter-DSP signaling in a multiple DSP environment
JP2003316649A (en) Microprocessor
KR100252254B1 (en) Computer system using mixed memory modules
JPS6329859A (en) Memory protection circuit

Legal Events

Date Code Title Description
AS Assignment

Owner name: VLSI TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BUER, MARK LEONARD;REEL/FRAME:009759/0276

Effective date: 19990125

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PHILIPS SEMICONDUCTORS INC.;REEL/FRAME:018645/0779

Effective date: 20061130

Owner name: PHILIPS SEMICONDUCTORS VLSI INC., NEW YORK

Free format text: CHANGE OF NAME;ASSIGNOR:VLSI TECHNOLOGY, INC.;REEL/FRAME:018635/0570

Effective date: 19990702

AS Assignment

Owner name: PHILIPS SEMICONDUCTORS INC., NEW YORK

Free format text: CHANGE OF NAME;ASSIGNOR:PHILIPS SEMICONDUCTORS VLSI INC.;REEL/FRAME:018668/0255

Effective date: 19991220

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: CHANGE OF NAME;ASSIGNOR:PHILIPS SEMICONDUCTORS INTERNATIONAL B.V.;REEL/FRAME:043951/0611

Effective date: 20060929

Owner name: PHILIPS SEMICONDUCTORS INTERNATIONAL B.V., NETHERL

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KONINKLIJKE PHILIPS ELECTRONICS N.V.;REEL/FRAME:043951/0127

Effective date: 20060928